How to Guides

How to Create a VM inside a VeraCrypt Hidden Volume?

People are always in search of a powerful yet simple way to encode all digital data, from backup discs to system drives to everything in between. Designed exclusively to address these concerns and needs, VeraCrypt is a costless open-source tool that enables any user to lock up his or her files.

VeraCrypt can’t encrypt a partition or create a virtual encrypted disk inside a folder or (in Windows) the complete storage device with power-on authentication. The tool is a fork of the project TrueCrypt that has been discontinued.

VeraCrypt Main Features

The key attributes of VeraCrypt are as follows:

  1. It produces a virtual encrypted disk within a file and mounts it as a real disk.
  2. Encrypts a storage drive or partition where Windows is installed.
  3. It encrypts an entire storage device or partition such as hard drive or USB flash drive.
  4. Encryption is real-time (on-the-fly), automatic and transparent.
  5. Pipelining and parallelization allow data to be written and read as quickly as if the partition was not encrypted.
  6. On modern processors, encryption can be hardware-accelerated
  7. Provides reasonable deniability, in case an antagonist or attacker compels a user to disclose the PIN: Hidden volume as well as the hidden operating system.

The ability to create hidden volumes is one of the most unique and creative features of VeraCrypt. This implies that in addition to producing a regular VeraCrypt encrypted volume, a second hidden volume inside it can also be configured.

If a user puts in the password or pin code of the outer volume, he/she opens the outer volume. However, if the password for the hidden volume is entered, only then will the hidden volume be opened. The amazing part of this system is that it is not possible for an adversary or a hacker to know that a second volume actually exists. This enables plausible deniability. Nonetheless, it is vital for users to understand that there are also some possible dangers linked with this.

What is Plausible Deniability?

The term means that a user is able to refute the existence of any sensitive and important information on his/her PC because there is a lack of proof that the sensitive data exists on the PC. An adversary can surely accept that a user who is encoding data is guarding sensitive information.

VeraCrypt supports plausible deniability by enabling a single hidden volume to be formed within another invisible volume. Additionally, VeraCrypt enables a user to create a hidden encrypted OS. The presence of the hidden operating system or hidden volume can be denied as there will be no evidence that it actually exists.

A VeraCrypt device or partition will appear to contain random data and does not encompass any sort of “signature” that might reveal that the constituents are not, in fact, random data. Hence, it should not be possible to verify with certainty that a device or partition is an encrypted VeraCrypt volume. A plausible detail for a user having a device or partition that comprises random data is that he or she has safely removed or wiped the data using a tool that removes data by overwriting it with random files of text.

The first drive track, however, will encompass an unencrypted, easy-to-identify VeraCrypt Boot Loader. This will specify the potential existence of encrypted files of some kind that may be concealed on the PC. An adversary or attacker might then compel a user to disclose his or her key files or passwords. VeraCrypt can help form hidden volumes that will still be secured even if a user is forced to disclose a way to see some of the encrypted volumes or files on the PC. Therefore, the user can carry on to have plausible deniability. Additionally, it’s important to note that since all encryption is done on the fly and in real time, VeraCrypt is clear as crystal in operation.

In addition to hiding data, an entire Operating system (OS) can be hidden by a VeraCrypt hidden volume running on a Virtual Machine (VM). So, as long as the activity is limited to the VM, it is a great way of securing all computer use.

Why Use VeraCrypt?

The older versions of TrueCrypt can still be used and since VeraCrypt and TrueCrypt are almost identical in terms of interface, the same guide can be used for both of them. However, there were a few minor issues reported in the TrueCrypt code audit which have been fixed by VeraCrypt.

The improvements it includes have set the stage for VeraCrypt to be a real replacement. Several experts like Steve Gibson assert that it’s a good time to make the jump despite the fact that it is slightly slower than it precursor – TrueCrypt.

Still using an old version of TrueCrypt?

It is extremely urgent to switch to VeraCrypt. The TrueCrypt is still pretty good but VeraCrypt is the future.

What Will be Needed?

The tutorial that is coming ahead is based on the assumption that the reader is familiar with the VeraCrypt content and hidden volume guides. To follow the tutorial, the following things will be needed:

Step A – Create a VeraCrypt hidden volume


Create a hidden volume and make sure that the volume size is enormous enough to comprise both the hidden OS as well as any decoy files saved in the outer folder.

Step B – Install the OS using VM VirtualBox and VeraCrypt

1. Make sure that all VeraCrypt volumes are unmounted. Once it is ensured, mount the encrypted volume that was just formed.


Ensure to enter the hidden volume password

Now, mount the hidden volume

2. Fire up VirtualBox, click “New” to form a new Virtual Machine (VM).

3. Name and select the OS.

4. Decide on how much RAM the Virtual Machine (VM) OS should use. The more RAM the better, but bear in mind that it then takes away from the RAM available to the primary OS.

If the PC has a large size of RAM such as 16 GB, the user can afford to be generous with his/her VM.

5. Now the option to create a virtual hard disk will appear.

This step is not particularly essential. However, it is described below for demonstration purposes.

Don’t change the defaults unless there is a practical reason to not stick with it.

A “dynamically allocated” virtual drive is okay. Its maximum size will, in any case, be restricted by the space that is assigned for the hidden folder.

Maximum file size can be left high for the same reason (though few people suggested setting it just a little smaller than the space allocated for the hidden volume). Ensure to save the virtual drive file in the mounted hidden folder. Then click “Create”.

6. Select the recently created Virtual Machine in the VirtualBox Manager screen, then hit “Start”.

7. Select the OS, then click “Start”.

8. Once it boots up, the new OS inside a Virtual Machine will start running. Close it down.

But ensure not to ‘Save’ the machine state as it may complicate the next step.

9. Come back to the Virtualbox Manager window, select the ‘OS’, then ‘Settings’, then ‘Advanced’. Change the Snapshot Folder to the mounted hidden folder.

This should be the same folder in which the virtual disk was saved in Step B-5 above

  1. Move the new VM’s .vbox file manually to the hidden folder. This file is normally placed in the home directory. For instance, in Windows it is placed by default in C:/Users/[name]/VirtualBox MS.

Step C – How to Use the New hidden OS inside a VBM

  1. Mount the hidden volume using VeraCrypt.
  2. To launch VirtualBox, double-click the .vbox file. Select the VM, and click “Start”.
  3. Ensure to right click -> Remove it in the VirtualBox Manager window when the hidden OS is done using. Be sure to select “Remove only” (i.e. do not “Delete all files”).


  1. Be vigilant and avoid the creation of a shared folder between the host PC and the VM when using the VM, as this could compromise the privacy of user data.
  2. There is an option for Windows users of downloading a portable version of VirtualBox from which can itself be installed inside the hidden folder of VeraCrypt. This is an amazing way to not to reveal the fact that a VM is used at all.

Final Thoughts

Essentially, VeraCrypt starts from where TrueCrypt left off, adding an improved set of rules for partition and system encryption, and resolving plenty of the susceptibilities of the precursor – TrueCrypt. It loads the TrueCrypt volume as well as offers the capacity to change non-system partitions and TrueCrypt containers to the VeraCrypt format.

While VeraCrypt boosted security, it does add some deferral only to the encrypted partitions’ opening; it results in no performance impact to the application-use period. This, in fact, makes it even tougher for an invader to get access to the encrypted data.

The newest VeraCrypt updates can be downloaded from Codeplex, while they are also accessible at Sourceforge. Additionally, VeraCrypt source code is also hosted at Github and Bitbucket. All released files of VeraCrypt are signed by the encryption program Pretty Good Privacy (PGP). It is available for Windows, Mac OSX, and Linux.


VPN Benefits

Get privacy protection, Wi-Fi security, unrestricted access to content, and much more.

Don’t let the internet browse you!